Friday, August 19, 2011
Security considerations must be addressed when deploying IPv6
IPv6 is a large-scale change to how users connect to the internet. As a result, companies working to migrate to the new standard need to understand the impact it will have on how they keep data secure. According to a recent Light Reading report, companies that neglect to deal with security in light of IPv6 leave themselves vulnerable to attack.
One of the most important things businesses need to account for when deploying IPv6 infrastructure is that the protocol was originally designed to be more secure. However, industry expert Merike Kaeo told the news source that security was built around common threats in the late 1990s, when IPv6 was developed, not now, when cyber criminals have become more sophisticated.
Kaeo told Light Reading that IPv6 routing solutions deal with data packets and fragmentation differently that IPv4 systems. Furthermore, IPv6 requires users to enable IPsec, which enables advanced security protocols running in the background at all times. However, many users have been deploying IPsec incorrectly and assuming they are more secure than they actually are.
Industry expert Thomas Maufer told the news source many companies believe they simply need to flip a switch to turn IPsec on when they deploy IPv6. However, public key Infrastructure is needed to use IPsec properly and many businesses skip this step, leaving themselves vulnerable, he said.
The report also emphasized that IPv6 users cannot simply assume that network address translation will benefit them as a security technology. Kaeo told the news source many businesses consider NAT as a security feature when it is not designed for that use.
"I actually think that NAT has been falsely touted as a security feature. A lot of people misunderstand that even with NAT, you are not as secure as you might think you are. And it complicates a lot of issues in the network, for auditing capability and traceability," Kaeo told Light Reading.
Many companies are rapidly beginning the migration to the IPv6 protocol as IPv4 address exhaustion is on the horizon. In some regions, such as Asia-Pacific, regional registries are already out of IPv6 addresses, making migration especially urgent, even for businesses in other parts of the world. This urgency comes, in part, because end users deploying IPv6 cannot access websites running exclusively in IPv4.